App Connectors provide the secure authenticated interface between a customer’s servers and the Private Applications cloud.

App Connectors can be deployed in several forms. Zscaler distributes a standard virtual machine (VM) image for deployment in enterprise data centers, local private cloud environments such as VMware, or public cloud environments such as Amazon Web Services (AWS) EC2. Additionally, Zscaler provides packages that can be installed on supported Linux distributions.

• List of Platforms Supported by Private Applications
  • Amazon Web Services (AWS)
  • Linux (Red Hat Enterprise Linux 8 or 9)
  • Microsoft Azure
  • Microsoft Hyper-V
  • VMware vCenter or vSphere Hypervisor (ESXi)
  • Nutanix
  • Docker
  • OpenShift

  Close

App Connectors can be built in other hypervisor environments, such as KVM, and other cloud environments (i.e., Google Compute Platform, Oracle Cloud, etc.) by deploying a Linux instance and following the RPM-based deployment instructions. To learn more, see App Connector Deployment Guide for Linux.

App Connectors can be co-located with your enterprise applications, or they can be deployed in any location that has connectivity to the applications. The closest App Connector will be selected given the location of the user and the App Connector-to-application latency. Typically, they are deployed on network segments that can access secured applications and the Private Applications cloud simultaneously, such as in a DMZ. App Connectors only connect outbound; they do not need any inbound open ports to operate correctly. App Connectors are always active, so they are typically deployed in a redundant configuration. However, App Connectors never communicate with each other.

Before you begin, see App Connector Deployment Prerequisites which provides detailed information on VM image sizing and scalability, supported platform requirements, deployment best practices, and other essential guidelines.

Configuring connectors involves two main tasks:

1. Adding App Connectors using the Admin Portal, which includes obtaining an App Connector Provisioning Key.
2. Deploying App Connectors on the supported platform of your choice.

After an App Connector is added and deployed, it is displayed on the App Connectors page.

You can perform additional software management and maintenance tasks after deployment. To learn more, see Managing Deployed App Connectors and App Connector Software Updates.

About the App Connectors Page

On the App Connectors page (Infrastructure > Private Access > Component > App Connectors), you can do the following:

1. Configure the App Connectors settings. You can enable Auto Delete to remove disconnected or optionally disabled App Connectors after a set amount of days.
2. Expand all of the rows in the table to see more information about each App Connector.
3. Add a new App Connector.
4. Refresh the App Connectors page to reflect the most current information.
5. Filter the information that appears in the table. By default, no filters are applied.
6. View a list of all deployed App Connectors. App Connectors that you've added, but have not deployed, are not listed. For each deployed App Connector, you can see:
   • Name: The name of the App Connector. When expanded, the following information is displayed depending on the defined App Connector:
     • Description: The description of the App Connector, if available.
     • App Connector Group: The App Connector Group that the App Connector is a member of.
     • App Connector Host Platform: The platform that the App Connector is deployed on (e.g., AWS, Azure, ESXi, Docker, or Nutanix).
     • App Connector Host OS: The run time OS on which the App Connector is running (e.g., CentOS Linux 7, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9).
     • App Connector Package OS: The compile time OS on which the .rpm binary is packaged (e.g. Enterprise Linux 7).
     • Last Software Update: The date and time the App Connector was last updated to a newer software version.
     • Public Service Edge: The Public Service Edge that the App Connector connects to.
     • Last Connection to Zscaler: The last time the App Connector connected to Zscaler.
     • Last Disconnect from Zscaler: The last time the App Connector disconnected from Zscaler.
     • Location: The location where the App Connector Group that the App Connector belongs to is set up.
     • Public IP: The public IP address of the App Connector. Disconnected App Connectors show the last known public IP address.
     • Private IP: The private IP address of the App Connector. Disconnected App Connectors show the last known private IP address.
     • Uptime: The period of time the App Connector is available for use. Disconnected App Connectors show the value Not Available.
     • Enrollment Certificate: The certificate the App Connector uses for enrollment.
   • Manager Version: The version of the current App Connector Manager software. To learn more, see Understanding the Manager Software.
   • Current Software Version: The current App Connector software version.
   • Connection Status: The status of the App Connector connection.
   • Upgrade Status: The status of the last App Connector software update.
   • Status: Indicates whether the App Connector is enabled or disabled.
7. See a graphical view for how the App Connector connects to other configuration objects (e.g., App Connector group, Server group, etc.).

8. Edit the configuration of a deployed App Connector.
9. Delete a deployed App Connector configuration.